CN117134904B - Method based on identity recognition and dynamic encryption and decryption communication - Google Patents
Method based on identity recognition and dynamic encryption and decryption communication Download PDFInfo
- Publication number
- CN117134904B CN117134904B CN202311125639.8A CN202311125639A CN117134904B CN 117134904 B CN117134904 B CN 117134904B CN 202311125639 A CN202311125639 A CN 202311125639A CN 117134904 B CN117134904 B CN 117134904B
- Authority
- CN
- China
- Prior art keywords
- unit
- user
- random number
- key
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 230000006854 communication Effects 0.000 title claims abstract description 70
- 238000004891 communication Methods 0.000 title claims abstract description 54
- 238000000034 method Methods 0.000 title claims abstract description 36
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 57
- 238000012795 verification Methods 0.000 claims abstract description 38
- 230000005540 biological transmission Effects 0.000 claims abstract description 24
- 230000003993 interaction Effects 0.000 claims abstract description 11
- 238000009795 derivation Methods 0.000 claims description 9
- 238000012423 maintenance Methods 0.000 claims description 9
- 230000006399 behavior Effects 0.000 claims description 3
- 238000011156 evaluation Methods 0.000 claims description 3
- 238000005516 engineering process Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- 150000003839 salts Chemical class 0.000 description 4
- 241001441724 Tetraodontidae Species 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Abstract
The invention discloses a method based on identity recognition and dynamic encryption and decryption communication, relates to the technical field of network communication, and solves the problems of high data transmission safety and high communication cost. The communication method comprises the steps that a user logs in a communication system and performs identity information authentication; carrying out dynamic key negotiation on the acquired user identity information and the random number; dynamic encryption and decryption are carried out in the data communication process; periodically updating the dynamic public key and the user private key; after the user completes communication, identity cancellation and access trace hiding are carried out; the invention encrypts the dynamic public key through the encryption negotiation algorithm, generates the pseudo random number according to the random number and the user identity information through the decryption interaction algorithm, splits, reorganizes and checks the original password of the user through the cubic interpolation encryption algorithm and generates the random number, thereby greatly improving the communication efficiency and performance, ensuring the safety of the communication process and reducing the identity verification time and complexity in the communication process.
Description
Technical Field
The invention relates to the technical field of communication security, in particular to a communication method based on identity recognition and dynamic encryption and decryption.
Background
Network communication has become an integral part of people's daily life and work. However, in the conventional network communication, since information transmission in the communication process is easily eavesdropped, tampered and falsified, security and reliability of the communication are difficult to be ensured. In order to solve this problem, some encryption techniques are proposed and widely used in network communication to ensure confidentiality, integrity and reliability of information in the communication process.
Currently, for encryption technology in network communication, a key-based encryption mode is generally adopted, that is, a sender and a receiver share a key before communication, and then use the key to encrypt and decrypt in the communication process. However, in conventional network communications, since the key needs to be transmitted during the communications, the security of the key becomes one of the most important problems in network communications, however, the advent of blockchain technology provides a new idea for solving the problem.
One typical application is that each node in the blockchain technology needs to have a user private key to sign and verify transactions. But also easily stolen by an attacker because the user private key needs to be securely stored on the local device. To address this problem, identification techniques may be used to generate dynamic keys and use them to sign and verify transactions. Thus, even if an attacker obtains the user private key of the node, the transaction cannot be forged or tampered with.
The existing identity recognition technology often needs extra storage space and computing resources while guaranteeing the communication security, and the complexity and cost of communication are increased.
Disclosure of Invention
Aiming at the defects of the technology, the invention discloses a communication method based on identity recognition and dynamic encryption and decryption, which generates a pseudo-random number according to a random number and user identity information through a decryption interaction algorithm, splits, reorganizes and checks the original password of a user through a cubic interpolation encryption algorithm and generates the random number, thereby greatly improving the communication efficiency and performance, ensuring the safety of the communication process and reducing the authentication time and complexity in the communication process.
In view of the above, the invention provides a communication method based on identity recognition and dynamic encryption and decryption, which comprises the following steps:
Step 1, a user logs in a communication system and performs identity information authentication;
verifying the name, age, occupation and operation authority of the user through an identity authentication module;
Step 2, carrying out dynamic key negotiation on the acquired user identity information and the random number;
Generating a dynamic key according to the user identity information and the random number through a dynamic key generation module; the dynamic key generation module comprises a key derivation unit, a digital signature unit, a public key encryption unit and a pseudo-random number decryption unit, wherein the digital signature unit adopts an ECDSA algorithm to authenticate the user identity in the key negotiation process, the pseudo-random number decryption unit adopts a decryption interaction algorithm to generate a pseudo-random number according to the random number and the user identity information, the output end of the digital signature unit is connected with the input end of the key derivation unit, the output end of the key derivation unit is connected with the input end of the public key encryption unit, and the output end of the public key encryption unit is connected with the input end of the pseudo-random number decryption unit;
step 3, dynamically encrypting and decrypting in the data communication process;
encrypting and decrypting the communication data during data transmission through an encrypting and decrypting module;
step 4, updating the private key of the user regularly;
Maintaining and updating a user private key, a random number and a pseudo-random number through a key updating module;
step 5, after the user completes communication, identity cancellation and access trace hiding are carried out;
and hiding the user identity and the communication trace through the traceless cancellation module.
As a further embodiment of the invention, the identity authentication module comprises a fingerprint identification unit, a voiceprint verification unit and a password verification unit, wherein the fingerprint identification unit adopts a fingerprint acquisition instrument to match a user fingerprint with a database fingerprint, the voiceprint verification unit adopts a tone analyzer to identify the tone of the user voice, the password verification unit adopts a cubic interpolation encryption algorithm to split, recombine and verify the original password of the user and generate a random number, the output end of the fingerprint identification unit is connected with the input end of the voiceprint verification unit, and the output end of the voiceprint verification unit is connected with the input end of the password verification unit.
As a further embodiment of the present invention, the encryption and decryption module includes a digest unit, a data encryption unit, a data transmission unit and a data decryption unit, where the digest unit uses SHA-256 algorithm to verify data and verify a message digest, the data encryption unit uses AES algorithm to symmetrically encrypt communication data and generate the communication data, the data transmission unit uses ZigBee protocol to perform data transmission, the data decryption unit uses SM2 algorithm and a user private key to decrypt the received encrypted communication data to obtain plaintext data, an output end of the digest unit is connected to an input end of the data encryption unit, an output end of the data encryption unit is connected to an input end of the data transmission unit, and an output end of the data transmission unit is connected to an input end of the data decryption unit.
As a further embodiment of the present invention, the key updating module includes a vulnerability stealing unit, a virtual attack unit, a security judging unit and an updating maintenance unit, where the vulnerability stealing unit explores and marks weak points in a data communication process through a vulnerability intrusion algorithm so as to intercept data information, the virtual attack unit adopts a gain++ network to virtualize and reconstruct network attack behavior according to the weak point information, the security judging unit adopts an evaluation algorithm to judge security levels of a user private key, a random number and a pseudo random number in a current stage according to a virtual network attack result, the updating maintenance unit regenerates the user private key, the random number and the pseudo random number, the security level of which cannot reach level a, according to the judging result, an output end of the vulnerability stealing unit is connected with an input end of the virtual attack unit, an output end of the virtual attack unit is connected with an input end of the security judging unit, and an output end of the security judging unit is connected with an input end of the updating maintenance unit.
As a further embodiment of the present invention, the traceless cancellation module includes an automatic offline unit, an information traceless unit and a verification roaming unit, where the automatic offline unit automatically performs offline operation on a user when the user does not touch the data input end for 30 minutes and no data is transmitted, the information traceless unit conceals the browsing track of the user and the transmitted data information by using a randomization algorithm, the verification roaming unit recovers the transmitted data information by verifying user identity information, a user private key, a random number and a pseudo random number, an output end of the information traceless unit is connected with an input end of the verification roaming unit, and an output end of the verification roaming unit is connected with an input end of the automatic offline unit.
As a further embodiment of the present invention, the working method of the decryption interaction algorithm is as follows: firstly, selecting a Fortuna seed generator and an RSA key pair, then using a Fortuna algorithm to generate a pseudo-random number, performing block encryption to obtain an RSA ciphertext, using a private key to decrypt the RSA ciphertext by a receiver to obtain the Fortuna key, performing exclusive-or operation on the Fortuna key by a sender and the receiver to obtain the same pseudo-random number, performing exclusive-or operation on an original plaintext and the pseudo-random number by the sender and the receiver to obtain the ciphertext, then transmitting the ciphertext to the receiver to perform decryption, and finally performing exclusive-or operation on the ciphertext and the pseudo-random number by the sender and the receiver to obtain the original plaintext.
As a further embodiment of the present invention, the working method of the cubic interpolation encryption algorithm is as follows: firstly converting an original plaintext into a binary number array, then converting a password into a binary number array and the first three bits, then filling the binary number array into multiples of 3, then dividing the filled binary number array into a plurality of triplets of 3 in length, then carrying out tertiary interpolation calculation on each triplet, then converting the tertiary interpolation result into a binary number array, then carrying out exclusive-or operation on each bit in each triplet to obtain ciphertext of each triplet, and finally merging the ciphertext of each triplet into a total ciphertext.
Positive beneficial effects
The invention generates the pseudo-random number according to the random number and the user identity information through the decryption interaction algorithm, splits, reorganizes and checks the original password of the user through the cubic interpolation encryption algorithm and generates the random number, thereby greatly improving the communication efficiency and performance, ensuring the safety of the communication process and reducing the identity verification time and complexity in the communication process.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings which are required in the description of the embodiments or the prior art will be briefly described below, it being obvious that the drawings in the description below are only some embodiments of the invention, and that other drawings may be obtained from these drawings without inventive faculty for a person skilled in the art, wherein,
FIG. 1 is a flow chart of the present invention;
FIG. 2 is a basic architecture diagram of the present invention;
FIG. 3 is a diagram of a key update module architecture;
FIG. 4 is a diagram of an identity authentication module architecture;
FIG. 5 is a diagram of a dynamic key generation module architecture;
FIG. 6 is a flowchart of an identity authentication module;
fig. 7 is a dynamic key encryption and decryption flow chart.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. It should be understood that the description is only illustrative and is not intended to limit the scope of the invention. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the present invention.
As shown in fig. 1, a communication method based on identity recognition and dynamic encryption and decryption comprises the following steps:
Step 1, a user logs in a communication system and performs identity information authentication;
verifying the name, age, occupation and operation authority of the user through an identity authentication module;
Step 2, carrying out dynamic key negotiation on the acquired user identity information and the random number;
Generating a dynamic key according to the user identity information and the random number through a dynamic key generation module; the dynamic key generation module comprises a key derivation unit, a digital signature unit, a public key encryption unit and a pseudo-random number decryption unit, wherein the key derivation unit derives according to random numbers and user identity information by adopting a PBKDF2 algorithm, the digital signature unit authenticates user identities in a key negotiation process by adopting an ECDSA algorithm, the pseudo-random number decryption unit generates pseudo-random numbers according to random numbers and user identity information by adopting a decryption interaction algorithm, the output end of the digital signature unit is connected with the input end of the key derivation unit, the output end of the key derivation unit is connected with the input end of the public key encryption unit, and the output end of the public key encryption unit is connected with the input end of the pseudo-random number decryption unit;
step 3, dynamically encrypting and decrypting in the data communication process;
encrypting and decrypting the communication data during data transmission through an encrypting and decrypting module;
step 4, updating the private key of the user regularly;
Maintaining and updating a user private key, a random number and a pseudo-random number through a key updating module;
step 5, after the user completes communication, identity cancellation and access trace hiding are carried out;
and hiding the user identity and the communication trace through the traceless cancellation module.
The output end of the identity authentication module is connected with the input end of the dynamic key generation module, the output end of the dynamic key generation module is connected with the input end of the encryption and decryption module, the output end of the encryption and decryption module is connected with the input end of the key updating module, and the output end of the key updating module is connected with the input end of the traceless cancellation module.
In a specific embodiment, the working process of the dynamic key generation module is as follows:
1. the user terminal initiates a dynamic key request to gateway equipment, wherein the dynamic key request comprises identity information and random numbers;
2. after receiving the request, the gateway equipment forwards the request to a dynamic key generation server;
3. The dynamic key generation server generates a dynamic key according to the identity information and the random number;
4. the dynamic key generation server encrypts the dynamic key by using the public key of the gateway equipment and sends the encrypted dynamic key to the user side;
5. after receiving the encrypted dynamic key, the user decrypts the dynamic key by using the identity information and the random number to obtain the dynamic key.
Further, the identity authentication module comprises a fingerprint identification unit, a voiceprint verification unit and a password verification unit, wherein the fingerprint identification unit is used for matching a user fingerprint with a database fingerprint by adopting a fingerprint acquisition instrument, the voiceprint verification unit is used for identifying the tone of a user voice by adopting a tone analyzer, the password verification unit is used for splitting, reorganizing and verifying an original user password by adopting a cubic interpolation encryption algorithm and generating a random number, the output end of the fingerprint identification unit is connected with the input end of the voiceprint verification unit, and the output end of the voiceprint verification unit is connected with the input end of the password verification unit.
In a specific embodiment, the working process of the identity authentication module is as follows:
1. The user terminal initiates an identity authentication request to the gateway equipment, wherein the request comprises identity information;
2. after receiving the request, the gateway equipment forwards the request to an identity authentication server;
3. the identity authentication server verifies the identity information of the requesting party, matches the identity information during verification, has legal identity, successfully authenticates and generates random numbers;
4. The identity authentication server encrypts the identity information and the random number and sends the encrypted information to the gateway equipment;
5. and the gateway equipment sends the encryption information to the user terminal after receiving the encryption information.
Further, the encryption and decryption module comprises a summary unit, a data encryption unit, a data transmission unit and a data decryption unit, wherein the summary unit adopts an SHA-256 algorithm to verify data and check message summaries, the data encryption unit adopts an AES algorithm to carry out symmetric encryption on communication data and generate the communication data, the data transmission unit carries out data transmission through a ZigBee protocol, the data decryption unit adopts an SM2 algorithm and a user private key to decrypt the received encrypted communication data so as to obtain plaintext data, the output end of the summary unit is connected with the input end of the data encryption unit, the output end of the data encryption unit is connected with the input end of the data transmission unit, and the output end of the data transmission unit is connected with the input end of the data decryption unit.
Further, the key updating module comprises a vulnerability stealing unit, a virtual attack unit, a security judging unit and an updating maintenance unit, wherein the vulnerability stealing unit explores and marks weak points in the data communication process through a vulnerability intrusion algorithm so as to intercept data information, the virtual attack unit adopts a GAIN++ network to virtualize and reconstruct network attack behaviors according to the weak point information, the security judging unit adopts an evaluation algorithm to judge the security levels of a user private key, a random number and a pseudo random number at the current stage according to a virtual network attack result, the updating maintenance unit regenerates the security levels which cannot reach the A-level user private key, the random number and the pseudo random number according to the judging result, the output end of the vulnerability stealing unit is connected with the input end of the virtual attack unit, the output end of the virtual attack unit is connected with the input end of the security judging unit, and the output end of the security judging unit is connected with the input end of the updating maintenance unit.
In a specific embodiment, the working process of the key updating module is as follows:
1. starting a key updating module by a key manager or a system manager according to the strategy requirement at a specified time or under a specified condition;
2. the key updating module generates a new key and stores the new key in a key store;
3. The key update module distributes the new key to all systems or applications that need to use the key. This process may be accomplished through a secure communication channel or physical storage medium;
4. the key updating module informs all systems or application programs to stop using the old key and start using the new key;
5. The key update module deletes the old key from the keystore to ensure that it is no longer in use and makes the appropriate record keeping.
Further, the traceless cancellation module comprises an automatic offline unit, an information traceless unit and a verification roaming unit, wherein the automatic offline unit automatically performs offline operation on a user when the user does not touch a data input end for 30 minutes and does not have data transmission, the information traceless unit adopts a randomization algorithm to hide a browsing track of the user and transmitted data information, the verification roaming unit recovers the transmitted data information through verification user identity information, a user private key, a random number and a pseudo random number, the output end of the information traceless unit is connected with the input end of the verification roaming unit, and the output end of the verification roaming unit is connected with the input end of the automatic offline unit.
In a specific embodiment, the working process of the traceless cancellation module is as follows:
1. When a user uses a system or an application program, the traceless cancellation module runs in the background;
2. When the user does not perform any data input or transmission operation within 30 minutes, the automatic offline unit performs offline operation on the user;
3. When a user performs data input or transmission operation, the information traceless unit uses a randomization algorithm to hide the browsing track of the user and transmit data information, so that the privacy of the user is protected;
4. when the user logs out or exits the system or application, the authentication roaming unit recovers the transmitted data information by authenticating the user identity information, the user private key, the random number, the pseudo random number, and the like. Meanwhile, the verification roaming unit can encrypt the data, so that confidentiality of the data is protected;
5. when the automatic offline unit receives a signal that the user logs out or exits the system or the application program, the automatic offline unit performs offline operation on the user.
In a specific embodiment, the working principle of the encryption negotiation algorithm is as follows: and encrypting the negotiated key by using the Blowfish to generate a symmetric key. The Blowfish algorithm is a symmetric encryption algorithm that is strong and fast to encrypt, and thus is suitable for encrypting messages. And finally, the two parties use the symmetric key to carry out communication encryption and data protection.
The pseudo code of the encryption negotiation algorithm is realized as follows:
Selective PEL-256 curve
curve=PEL-256
Generating public-private key pairs by// Bob
bobPrivateKey,bobPublicKey=generateKeyPair(curve)
Generating public-private key pairs by// Alice
alicePrivateKey,alicePublicKey=generateKeyPair(curve)
The// Bob sends the public key to Alice
send(bobPublicKey)
The/Alice receives Bob's public key and saves it
bobPublicKey=receive()
The two parties perform key negotiation by using the public key of the other party to generate a common negotiation key
sharedKey=bobPrivateKey.generateSecretKey(alicePublicKey)
(Ii)/randomly generating a salt value, plaintext data
salt=generateSalt()
plaintext=generatePlaintext()
The two parties perform Blowfish encryption on the salt value and the plaintext data by using the common negotiation key to generate a symmetric key
cipherKey=sharedKey.encryptBlowfish(salt+plaintext)
Communication encryption and data protection by both parties using symmetric keys
encryptedData=cipherKey.encrypt(plaintext)
send(encryptedData)
Further, the working method of the decryption interaction algorithm comprises the following steps: firstly, selecting a Fortuna seed generator and an RSA key pair, then using a Fortuna algorithm to generate a pseudo-random number, performing block encryption to obtain an RSA ciphertext, using a private key to decrypt the RSA ciphertext by a receiver to obtain the Fortuna key, performing exclusive-or operation on the Fortuna key by a sender and the receiver to obtain the same pseudo-random number, performing exclusive-or operation on an original plaintext and the pseudo-random number by the sender and the receiver to obtain the ciphertext, then transmitting the ciphertext to the receiver to perform decryption, and finally performing exclusive-or operation on the ciphertext and the pseudo-random number by the sender and the receiver to obtain the original plaintext.
In a specific embodiment, the principle of the decryption interaction algorithm is as follows: first, a high-quality pseudo-random number is generated by adopting a Fortuna algorithm. And then encrypting the ciphertext by using an RSA algorithm to generate an RSA ciphertext. And then performing exclusive or operation on the RSA ciphertext and the key generated by the Fortuna to obtain the decrypted pseudo-random number. And finally, performing exclusive OR operation on the original plaintext and the decrypted pseudo-random number to obtain the decrypted message.
The pseudo code of the decryption interaction algorithm is realized as follows:
the// select Fortuna seed generator and RSA key pair
fortunaGenerator=FortunaGenerator()
rsaPrivateKey,rsaPublicKey=generateRSAKeyPair()
The// sender generates pseudo-random numbers using the Fortuna algorithm and encrypts the packets into RSA ciphertext
plaintext=generatePlaintext()
randomBytes=fortunaGenerator.generateRandomBytes(len(plaintext))
cipherText=rsaPublicKey.encrypt(randomBytes)
The/(receiver uses the private key to decrypt the RSA ciphertext to obtain the Fortuna key
randomBytes=rsaPrivateKey.decrypt(cipherText)
The/sender and receiver exclusive-or operate using the Fortuna key to obtain the same pseudo-random number
xorKey=randomBytes
The input/output side performs exclusive OR operation on the original plaintext and the pseudo-random number to obtain ciphertext
encryptedData=plaintext^xorKey
The sender sends the ciphertext to the receiver for decryption
send(encryptedData)
encryptedData=receive()
The/(receiver uses pseudo-random number to exclusive-or the ciphertext to obtain the original plaintext
decryptedData=encryptedData^xorKey
Further, the working method of the cubic interpolation encryption algorithm comprises the following steps: firstly converting an original plaintext into a binary number array, then converting a password into a binary number array and the first three bits, then filling the binary number array into multiples of 3, then dividing the filled binary number array into a plurality of triplets of 3 in length, then carrying out tertiary interpolation calculation on each triplet, then converting the tertiary interpolation result into a binary number array, then carrying out exclusive-or operation on each bit in each triplet to obtain ciphertext of each triplet, and finally merging the ciphertext of each triplet into a total ciphertext.
In a specific embodiment, the working principle of the cubic interpolation encryption algorithm is as follows:
1. Firstly, converting an original plaintext Message into a binary number sequence M;
2. converting the Key Key into a binary number sequence K, and taking the first three bits of K as a0, a1 and a2 respectively;
3. Filling the binary number array M to make the length of the binary number array M be a multiple of 3;
4. dividing the filled binary number array M into a plurality of triples Mi= (M0, M1, M2) with the length of 3;
5. The following is performed for each triplet Mi:
(1) Calculating cubic interpolation x=a0+a1 i+a2 i 2, wherein i is 0,1,2;
(2) Converting the cubic interpolation result X into a binary number array X;
(3) Performing exclusive or operation on each bit Mi in Mi to obtain ciphertext Ci= (m 0xor X [0], m1 xor X [1], m2 xor X [2 ]);
6. Combining each ciphertext Ci into one ciphertext C;
7. sending the ciphertext C to a receiver for decryption;
the decryption process is similar to the encryption process, and mainly restores the ciphertext to plaintext. The specific process is as follows:
1. Dividing the ciphertext C into a plurality of triples ci= (C0, C1, C2) of length 3;
2. the following is done for each triplet Ci:
(1) Calculating cubic interpolation x=a0+a1 i+a2 i 2, wherein i is 0,1,2;
(2) Converting the cubic interpolation result X into a binary number array X;
(3) Performing exclusive OR operation on each bit Ci in Ci to obtain Ci plaintext Mi= (c 0 xor X [0], c1 xor X [1], c2 xor X [2 ]);
3. combining each plaintext Mi into one plaintext M;
4. and removing the filled filling part to obtain the original plaintext Message.
It should be noted that the cubic interpolation encryption algorithm needs to ensure the random generation and confidentiality of the Key, otherwise it may be guessed or cracked by an attacker, as shown in table 1.
Table 1 code interpolation table
Three different ciphers, corresponding first, second and third interpolation results, and finally the combined plaintext are recorded in table 1. The encryption process of each password is analyzed in detail as follows.
1. Encrypting password 1234780
The password 1234780 is divided into several triples of length 3:
(1,2,3),(4,7,8),(0,0,7)
Encrypting each triplet:
(1,2,3)^(1,1,18)=(0,3,17)
(4,7,8)^(4,4,25)=(0,3,17)
(0,0,7)^(0,3,17)=(0,3,26)
combining the ciphertext of the three triplets into a total ciphertext:
"01100001011000100111110111100010"
the encrypted ciphertext is 01100001011000100111110111100010"
2. Encrypting password 46789209
The password 46789209 is divided into several triples of length 3:
(4,6,7),(8,9,2),(0,9,0)
Encrypting each triplet:
(4,6,7)^(4,5,16)=(0,3,17)
(8,9,2)^(8,7,19)=(0,2,17)
(0,9,0)^(0,9,18)=(0,0,18)
combining the ciphertext of the three triplets into a total ciphertext:
"010001000101010011000001010010001101001"
the encrypted ciphertext is 010001000101010011000001010010001101001"
3. Encrypting password 892301987
The password 892301987 is divided into several triples of length 3:
(8,9,2),(3,0,1),(9,8,7)
Encrypting each triplet:
(8,9,2)^(8,2,35)=(0,11,33)
(3,0,1)^(3,3,20)=(0,3,21)
(9,8,7)^(5,3,12)=(12,11,15)
combining the ciphertext of the three triplets into a total ciphertext:
"100010001011000001100100001111111101001000001100"
The encrypted ciphertext is 100010001011000001100100001111111101001000001100"
Thus, by the cubic interpolation encryption algorithm, passwords of different lengths can be encrypted into one long string.
The pseudo code of the cubic interpolation encryption algorithm is realized as follows:
Conversion of original plaintext into binary sequence
plaintext=toBinary(message)
Converting a cipher into a binary number and the first three bits
password=toBinary(key)
password=password[:3]
Filling columns of binary numbers to multiples of 3 in length
n=len(plaintext)%3
if n!=0:
plaintext+='0'*(3-n)
Dividing the binary number array after filling into several triples with length of 3
triplets=[plaintext[i:i+3]for i in range(0,len(plaintext),3)]
Performing tertiary interpolation calculation on each triplet to obtain a tertiary interpolation result
interpolatedTriplets=[interpolate(t,password)for t in triplets]
Converting the result of the cubic interpolation into binary number sequence, and performing exclusive OR operation on each bit in each triplet to obtain ciphertext of each triplet
encTriplets=[reduce(lambda x,y:x^y,toBinary(i))for iin interpolatedTriplets]
Combining the ciphertext of each triplet into a total ciphertext
cipherText=”.join(encTriplets)
While specific embodiments of the present invention have been described above, it will be understood by those skilled in the art that these specific embodiments are by way of example only, and that various omissions, substitutions, and changes in the form and details of the methods and systems described above may be made by those skilled in the art without departing from the spirit and scope of the invention. For example, it is within the scope of the present invention to combine the above-described method steps to perform substantially the same function in substantially the same way to achieve substantially the same result. Accordingly, the scope of the invention is limited only by the following claims.
Claims (3)
1. A communication method based on identity recognition and dynamic encryption and decryption is characterized in that: the method comprises the following steps:
Step 1, a user logs in a communication system and performs identity information authentication;
verifying the name, age, occupation and operation authority of the user through an identity authentication module;
Step 2, carrying out dynamic key negotiation on the acquired user identity information and the random number;
generating a dynamic key according to the user identity information and the random number through a dynamic key generation module; the dynamic key generation module comprises a key derivation unit, a digital signature unit and a pseudo-random number decryption unit, wherein the digital signature unit adopts an ECDSA algorithm to authenticate the user identity in the key negotiation process, the pseudo-random number decryption unit adopts a decryption interaction algorithm to generate pseudo-random numbers according to random numbers and user identity information, the output end of the digital signature unit is connected with the input end of the key derivation unit,
Step 3, dynamically encrypting and decrypting in the data communication process;
encrypting and decrypting the communication data during data transmission through an encrypting and decrypting module;
step 4, updating the private key of the user regularly;
Maintaining and updating a user private key, a random number and a pseudo-random number through a key updating module;
step 5, after the user completes communication, identity cancellation and access trace hiding are carried out;
hiding user identity and communication trace through the traceless cancellation module;
The identity authentication module comprises a fingerprint identification unit, a voiceprint verification unit and a password verification unit, wherein the fingerprint identification unit adopts a fingerprint acquisition instrument to match a user fingerprint with a database fingerprint, the voiceprint verification unit adopts a tone analyzer to identify the tone of the user voice, the password verification unit adopts a cubic interpolation encryption algorithm to split, recombine and verify the original password of the user and generate a random number, the output end of the fingerprint identification unit is connected with the input end of the voiceprint verification unit, and the output end of the voiceprint verification unit is connected with the input end of the password verification unit;
the encryption and decryption module comprises a summary unit, a data encryption unit, a data transmission unit and a data decryption unit, wherein the summary unit adopts an SHA-256 algorithm to verify data and check message summaries, the data transmission unit carries out data transmission through a ZigBee protocol, the data decryption unit adopts an SM2 algorithm and a user private key to decrypt received encrypted communication data so as to obtain plaintext data, the output end of the summary unit is connected with the input end of the data encryption unit, the output end of the data encryption unit is connected with the input end of the data transmission unit, and the output end of the data transmission unit is connected with the input end of the data decryption unit;
The key updating module comprises a vulnerability stealing unit, a virtual attack unit, a security judging unit and an updating maintenance unit, wherein the vulnerability stealing unit explores and marks weak points in the data communication process through a vulnerability intrusion algorithm so as to intercept data information, the virtual attack unit adopts a GAIN++ network to virtualize and reconstruct network attack behaviors according to the weak point information, the security judging unit adopts an evaluation algorithm to judge the security levels of a user private key, a random number and a pseudo random number in the current stage according to a virtual network attack result, the updating maintenance unit regenerates the security levels which cannot reach the A-level user private key, the random number and the pseudo random number according to the judging result, the output end of the vulnerability stealing unit is connected with the input end of the virtual attack unit, the output end of the virtual attack unit is connected with the input end of the security judging unit, and the output end of the security judging unit is connected with the input end of the updating maintenance unit; the working method of the decryption interaction algorithm comprises the following steps:
Firstly, selecting a Fortuna seed generator and an RSA key pair, then using a Fortuna algorithm to generate a pseudo-random number, performing block encryption to obtain an RSA ciphertext, using a private key to decrypt the RSA ciphertext by a receiver to obtain the Fortuna key, performing exclusive-or operation on the Fortuna key by a sender and the receiver to obtain the same pseudo-random number, performing exclusive-or operation on an original plaintext and the pseudo-random number by the sender and the receiver to obtain the ciphertext, then transmitting the ciphertext to the receiver to perform decryption, and finally performing exclusive-or operation on the ciphertext and the pseudo-random number by the sender and the receiver to obtain the original plaintext.
2. The communication method based on identity recognition and dynamic encryption and decryption according to claim 1, wherein the communication method is characterized in that: the traceless cancellation module comprises an automatic offline unit, an information traceless unit and a verification roaming unit, wherein the automatic offline unit automatically performs offline operation on a user when the user does not touch a data input end for 30 minutes and does not have data transmission, the information traceless unit adopts a randomization algorithm to hide a browsing track of the user and transmitted data information, the verification roaming unit recovers the transmitted data information by verifying user identity information, a user private key, a random number and a pseudo random number, the output end of the information traceless unit is connected with the input end of the verification roaming unit, and the output end of the verification roaming unit is connected with the input end of the automatic offline unit.
3. The communication method based on identity recognition and dynamic encryption and decryption according to claim 1, wherein the communication method is characterized in that: the working principle of the cubic interpolation encryption algorithm is as follows:
1. Firstly, converting an original plaintext Message into a binary number sequence M;
2. converting the Key Key into a binary number sequence K, and taking the first three bits of K as a0, a1 and a2 respectively;
3. Filling the binary number array M to make the length of the binary number array M be a multiple of 3;
4. dividing the filled binary number array M into a plurality of triples Mi= (M0, M1, M2) with the length of 3;
5. The following is performed for each triplet Mi:
(1) Calculating cubic interpolation x=a0+a1 i+a2 i 2, wherein i is 0,1,2;
(2) Converting the cubic interpolation result X into a binary number array X;
(3) Performing exclusive or operation on each bit Mi in Mi to obtain ciphertext Ci= (m 0xor X [0], m1 xor X [1], m2 xor X [2 ]);
6. Combining each ciphertext Ci into one ciphertext C;
7. and sending the ciphertext C to the receiver for decryption.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311125639.8A CN117134904B (en) | 2023-09-01 | Method based on identity recognition and dynamic encryption and decryption communication |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311125639.8A CN117134904B (en) | 2023-09-01 | Method based on identity recognition and dynamic encryption and decryption communication |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117134904A CN117134904A (en) | 2023-11-28 |
| CN117134904B true CN117134904B (en) | 2024-06-28 |
Family
ID=
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104935553A (en) * | 2014-03-19 | 2015-09-23 | 北京安讯奔科技有限责任公司 | Unified identity authentication platform and authentication method |
| CN116170185A (en) * | 2022-12-29 | 2023-05-26 | 中国电信股份有限公司 | Data encryption method and device, processor and electronic equipment |
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104935553A (en) * | 2014-03-19 | 2015-09-23 | 北京安讯奔科技有限责任公司 | Unified identity authentication platform and authentication method |
| CN116170185A (en) * | 2022-12-29 | 2023-05-26 | 中国电信股份有限公司 | Data encryption method and device, processor and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111475796B (en) | Anti-quantum computation identity authentication method and system based on secret sharing and quantum communication service station | |
| JP2926699B2 (en) | Communication partner authentication method and system | |
| KR100769482B1 (en) | Systems, methods and software for remote password authentication using multiple servers | |
| US6996715B2 (en) | Method for identification of a user's unique identifier without storing the identifier at the identification site | |
| CN113691502B (en) | Communication method, device, gateway server, client and storage medium | |
| WO2002051049A9 (en) | One time password entry to access multiple network sites | |
| JPH118620A (en) | System and method for efficiently executing authentication of communication channel and facilitating detection of illegal forgery | |
| CN109543434B (en) | Block chain information encryption method, decryption method, storage method and device | |
| CN110535626B (en) | Secret communication method and system for identity-based quantum communication service station | |
| CN111797427A (en) | Block chain user identity supervision method and system considering privacy protection | |
| CN104901935A (en) | Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem) | |
| CN113285803B (en) | Mail transmission system and transmission method based on quantum security key | |
| CN113806772A (en) | Information encryption transmission method and device based on block chain | |
| CN113067823B (en) | Mail user identity authentication and key distribution method, system, device and medium | |
| CN109684129B (en) | Data backup recovery method, storage medium, encryption machine, client and server | |
| KR102656403B1 (en) | Generate keys for use in secure communications | |
| CN113452687B (en) | Method and system for encrypting sent mail based on quantum security key | |
| CN113346995A (en) | Quantum security key-based method and system for preventing mail from being tampered in transmission process | |
| CN110999202A (en) | Computer-implemented system and method for highly secure, high-speed encryption and transmission of data | |
| CN111865579B (en) | SM2 algorithm transformation-based data encryption and decryption method and device | |
| CN106257859A (en) | A kind of password using method | |
| CN111368271A (en) | Method and system for realizing password management based on multiple encryption | |
| CN117134904B (en) | Method based on identity recognition and dynamic encryption and decryption communication | |
| CN116318654A (en) | SM2 algorithm collaborative signature system, method and equipment integrating quantum key distribution | |
| CN113438074B (en) | Decryption method of received mail based on quantum security key |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant |